package bancoperu.dao;

import java.sql.Connection;
import java.sql.Date;
import java.util.*;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collection;

import bancoperu.model.Customer;
import bancoperu.model.Security;
import bancoperu.util.Converter;

import bancoperu.dao.CustomerDAO;

public class SecurityDAO extends BaseDAO {

	public Customer checkcustomer(String customerID, String CustomerPassword)
			throws Exception {

		String query = "SELECT CustomerID, CustomerPassword, LoginAttempts FROM Customer WHERE CustomerID = ?   ";
		Customer vo = new Customer();
		Connection con = null;
		PreparedStatement stmt = null;
		ResultSet rs = null;
		try {
			con = ConexionBD.obtenerConexion();
			stmt = con.prepareStatement(query);
			stmt.setString(1, customerID);

			rs = stmt.executeQuery();

			if (rs.next()) {

				// ///// chech if its unlock

				if (rs.getInt("LoginAttempts") > 3) {
					throw new Exception("CustomerID Lock!");
				}

				// /////////////////////

				vo.setCustomerId(rs.getString("CustomerID"));
				vo.setCustomerPassword(rs.getString("CustomerPassword"));
				vo.setLoginAttempts(rs.getInt("LoginAttempts"));
				vo.setPasswordDate(rs.getDate("PasswordDate"));
			} else {

				throw new Exception("customerID incorrect");

			}

			// ////////////////////

			if (!CustomerPassword.equals(vo.getCustomerPassword())) {

				String query2 = "UPDATE Customer SET LoginAttempts = ? WHERE CustomerID = ?";
				Connection con2 = null;
				PreparedStatement stmt2 = null;
				try {
					con2 = ConexionBD.obtenerConexion();
					stmt2 = con2.prepareStatement(query2);

					stmt2.setInt(1, vo.getLoginAttempts() + 1);
					stmt2.setString(2, vo.getCustomerId());

					int i = stmt2.executeUpdate();
					if (i != 1) {
						throw new SQLException("No se pudo actualizar");
					}
				} catch (SQLException e) {
					System.err.println(e.getMessage());
					throw new Exception(e.getMessage());
				} finally {
					this.cerrarStatement(stmt);
					this.cerrarConexion(con);
				}

				throw new Exception("Password incorrect");
			}

			if (CustomerPassword.equals(vo.getCustomerPassword())) {

				String query3 = "UPDATE Customer SET LoginAttempts = 0 WHERE CustomerID = ?";
				Connection con3 = null;
				PreparedStatement stmt3 = null;
				try {
					con3 = ConexionBD.obtenerConexion();
					stmt3 = con3.prepareStatement(query3);
					stmt3.setString(1, vo.getCustomerId());
					int i = stmt3.executeUpdate();
					if (i != 1) {
						throw new SQLException("No se pudo actualizar");
					}
				} catch (SQLException e) {
					System.err.println(e.getMessage());
					throw new Exception(e.getMessage());
				} finally {
					this.cerrarStatement(stmt);
					this.cerrarConexion(con);
				}
			}
		} catch (SQLException e) {
			System.err.println(e.getMessage());
			throw new Exception(e.getMessage());
		} finally {
			this.cerrarResultSet(rs);
			this.cerrarStatement(stmt);
			this.cerrarConexion(con);
		}
		return vo;
	}

	public Customer updateattempts(Customer vo) throws Exception {
		String query = "UPDATE Customer SET LoginAttempts=? WHERE CustomerID=?";
		Connection con = null;
		PreparedStatement stmt = null;
		try {
			con = ConexionBD.obtenerConexion();
			stmt = con.prepareStatement(query);
			stmt.setString(1, vo.getCustomerPassword());
			stmt.setDate(2, new java.sql.Date(vo.getPasswordDate().getTime()));
			stmt.setInt(3, vo.getLoginAttempts());
			stmt.setString(4, vo.getCustomerId());
			int i = stmt.executeUpdate();
			if (i != 1) {
				throw new SQLException("No se pudo actualizar");
			}
		} catch (SQLException e) {
			System.err.println(e.getMessage());
			throw new Exception(e.getMessage());
		} finally {
			this.cerrarStatement(stmt);
			this.cerrarConexion(con);
		}
		return vo;
	}

	public boolean checkQuestion(String customerID, String Question,
			String Answer) throws Exception {

		String query = "SELECT * FROM Security WHERE customerID=? and Question=? and Answer = ?   ";

		Connection con = null;
		PreparedStatement stmt = null;
		ResultSet rs = null;

		boolean same = false;
		try {
			con = ConexionBD.obtenerConexion();
			stmt = con.prepareStatement(query);
			stmt.setString(1, customerID);
			stmt.setString(2, Question);
			stmt.setString(3, Answer);

			rs = stmt.executeQuery();

			if (rs.next()) {
				same = true;
			}
			System.out.println(same);

		} catch (SQLException e) {
			System.err.println(e.getMessage());
			throw new Exception(e.getMessage());
		} finally {
			this.cerrarResultSet(rs);
			this.cerrarStatement(stmt);
			this.cerrarConexion(con);
		}
		return same;

	}

}